Public Records on the Internet: The Privacy Dilemma

A shorter version of this paper was presented at the Computers, Freedom and Privacy 2002 Conference: Plenary Session #9: "How Public Is too Public? Public Records and Personal Privacy" San Francisco, CA

INTRODUCTION

The Privacy Rights Clearinghouse (PRC) is a nonprofit consumer information, research, and advocacy program based in San Diego, California. It was established in 1992 and is primarily grant-funded. The PRC operates a hotline, by telephone and electronic mail, and invites individuals to voice their complaints and obtain information about privacy matters. The PRC's many fact sheets offer practical tips on how to safeguard personal privacy. These are available on our web site, www.privacyrights.org[1].

One of the most challenging public policy issues of our time is the balancing act between access to public records and personal privacy - the difficulty of accommodating both personal privacy interests and the public interest of transparent government. I will discuss the privacy implications of making public records containing personal information available on the Internet. I list nine negative consequences of the availability of public records online. I conclude by offering 11 recommendations for safeguarding personal privacy while upholding the public policy reason for providing access, that being to promote government accountability.

PUBLIC RECORDS ON THE INTERNET

Courts and government agencies at all levels of government - local, state, and federal - are increasingly making public records available on web sites. Some jurisdictions are just beginning, while others have done so since the mid-1990s.

There are two ways public records are accessible electronically. Some jurisdictions post them on their government web sites, thereby providing free or low-cost access to records. Government agencies and courts also sell their public files to commercial data compilers and information brokers. They in turn make them available on a fee basis, either via web sites or by special network hookups. The following are examples of public records containing personal information available remotely via electronic access.

Property tax assessor files. Typical records contain name of owner, description of property, and the assessed value for taxation purposes. Some systems even provide blueprints of the property.

As I stated in the introduction, the reason that public records are public is unassailable -- so we the people can monitor our government. Public records provide notice to all members of society of the official actions taken by government. They also provide notice of the "official" status of individuals and property. Making public records accessible to citizens via the Internet is a powerful way to arm people with the tools to keep government accountable.

But public records also contain a great deal of information about individuals, often very sensitive information. The following examples refer to court proceedings.

Court records often contain Social Security numbers (SSNs) and financial account numbers. These are commonly available in divorce decrees, child custody cases, and bankruptcy filings. But when account numbers, personal identifiers, and dates of birth are accessible on the Internet, they could be used to commit financial fraud. The crime of identity theft is at epidemic proportions today, fueled in part by easy access to SSNs.

Family law files typically contain information about children as well as allegations - whether accurate or not -- of wrongdoing and negligence by warring spouses.

When aggrieved insurance holders sue the insurance company over medical payment claims, the details of their medical conditions are likely to become part of the court record and thereby public. It is a common tactic of companies to threaten to bring highly sensitive medical information, as well as other personal matters, into the case in order to discourage the plaintiff from proceeding.

For example, in a prominent case of alleged identity theft negligence, the defendant, a credit bureau, obtained the plaintiff's gynecological records in order to attempt to show that she was mentally unbalanced and that her claims had no merit.

In a dispute with a neighbor, or a business dispute, many allegations can be made that might not be true.

In employment-related matters such as sexual harassment cases, it is common for the defendant to divulge damaging allegations about the plaintiff, such as lifestyle and sexual history.

In criminal cases, the statements of victims and witnesses become part of the public file. These often contain highly sensitive personal information. Witnesses' personal safety can be at risk in some cases if their identities are revealed.

It is important to note that in the majority of situations, providing personal information to government agencies and courts is mandatory. Individuals have no choice in the matter.

Providing access to public records on the Internet alters the balance between access and privacy that has existed in paper and microfiche records. Many commentators have used the term "practical obscurity" to describe the de facto privacy protection accorded court documents stored in back rooms and accessible only by visiting the courthouse and asking a clerk to retrieve them.

NEGATIVE CONSEQUENCES OF ELECTRONIC PUBLIC RECORDS

I predict that there will be significant negative consequences to individuals when public records containing personally identifiable information are widely available on the Internet or via proprietary fee-based systems. I list nine such consequences here, and then conclude with suggested solutions.

Less participation in public life.Fewer individuals will choose to participate in government. There is the very real possibility that the continued growth of public records web sites and information services that compile government records from many sources will result in the chilling effect of people choosing not to take part in public life. If the result of participation in public life is to lengthen one's electronic dossier and make more personal information available to whoever wants to obtain it, then it is likely that people will avoid those situations where personal information is gathered.

A former California Secretary of State Tony Miller observed that many people do not vote because they do not want their name, address, party affiliation and other information publicly available. That is why his office promoted legislation - now law -- to make the home address confidential. We have heard ample evidence from callers to our hotline to support his observation. Many other states also impose use restrictions on voter registration records.

Justice only for the rich.Justice will only be available to those with the resources and know-how to seek private judicial proceedings. Those who can afford to hire private judges will choose this option in order to keep their personal information out of the public records generated by the traditional court system. Only the rich will be able to safeguard their personal information in this manner. Many of those who do not have the means to hire private judges will choose not to file suit against their insurance company, for example, or their abusive employer. We may become a society in which only the rich get justice. Indeed, many say we already are.

Identity theft.The crime of identity theft and other types of fraud will be fueled by easy access to personal identifiers and other personal information via electronic public records. Such information includes Social Security numbers, credit card and bank account numbers, and details about investments.

Identity thieves use information such as SSNs and date-of-birth to obtain credit in another person's name. They purchase goods and services in the innocent person's name and destroy their credit history when the bills go unpaid.

Identity theft has a devastating effect on its victims. They are unable to obtain home loans, refinance their homes, purchase vehicles on credit, rent an apartment, even obtain employment. Surveys show that victims must spend a great deal of time to regain their financial health. A 2004 study by the Identity Theft Resource found that typical victims spent 100 hours to clean up their credit report. www.idtheftcenter.org/aftermath2004.pd[2]f[3].For additional surveys, see our web site at www.privacyrights.org/ar/idtheftsurveys.htm[4].

Identity theft is an opportunistic crime. The majority of criminals obtain the tools of their trade -- Social Security numbers, credit card account numbers, dates of birth, and mother's maiden names -- wherever they can find them, for example, by digging through trash and stealing mail. It will not take long before identity thieves realize they can find such data much more easily online via public records. In fact, an Associated Press article in March 2006 reported that identity thieves accessed the government web site for Hamilton County Ohio to steal Social Security numbers and other personal data of hundreds of Ohio residents. A federal grand jury indicted eight individuals suspected of operating an identity theft crime ring. www.wkyc.com/news/news_article.aspx?storyid=48724[5]

Destruction of reputations.Individuals will experience shame and embarrassment, even discrimination, when details of their personal lives are broadcast in court records available on the Internet. The PRC has been contacted by many individuals who have relayed such experiences.

Reputations will be destroyed because of errors. There is no such thing as a perfect data base. And there are no infallible users of data files. We are already seeing the growing problem of individuals who are wrongfully linked to crimes they did not commit because of identity theft. This occurs when an imposter uses an innocent person's identifying information when apprehended by law enforcement. Another scenario is when tax liens and judgments incurred by the identity thief are listed in the name of the innocent victim.

In other situations, the background investigator obtains information on the wrong John Doe, not taking adequate care to match the information with the correct individual. Another scenario is when the information broker's files are not up to date and the investigator, perhaps an employment background check company, is not informed of acquittals or dismissals. To read the stories of several individuals who have had difficulty obtaining employment because of problems with background checks, read the PRC's comments to the U.S. Dept. of Justice, submitted August 2005. www.privacyrights.org/ar/DOJbackgrd.htm#9[6]

Personal safety risks.Victims and witnesses who are named in court records could be put at risk. The personal safety of victims of domestic violence and stalking, for example, could be jeopardized. A domestic violence expert who contacted the PRC told me that many victims of stalking and domestic violence do not file cases in court because they do not want their private information being in the public arena for fear of it being used by the stalker to locate and harm them. Witnesses to crimes could also be put in harm's way because of retribution from the perpetrators and other parties to the crimes.

Secondary uses of information.Data from electronic public records files will be used for secondary purposes that stray far from the original public policy purposes for which they were first created, that being government accountability. Compiling public records information from several sources and merging them with commercial sector data files allows the data to be sifted and sorted in many different ways. Brand new records are created. The types of uses that can be made of these new records extend far beyond the original public policy reason for collecting them. A Utah court, for example, learned that a resort that catered to singles was accessing divorce files in order to obtain the names of individuals to receive its marketing solicitations.

Dossier society. But there are far more serious consequences to merging disparate electronic files of personal information into massive data bases. We are becoming a "dossier society." Extensive histories - whether accurate or not - are increasingly available at the click of the mouse to virtually anyone.

Law professor Jeffrey Rosen discusses the negative consequences of a dossier society in his 2000 book, The Unwanted Gaze: The Destruction of Privacy in America. His main concern is the compilation of bits and pieces of information about us from disparate sources, taken out of context, and then used to form conclusions and make decisions about us. He says:

".[W]hen intimate information is removed from its original context and revealed to strangers, we are vulnerable to being misjudged on the basis of our most embarrassing, and therefore most memorable, tastes and preferences." (p.9)

He used the subpoenaing by prosecutor Kenneth Starr of Monica Lewinski's book purchases from a Washington, D.C., bookstore as an example of how such profiling can harm individuals. This occurred during the Clinton administration sex scandal. Rosen further states:

The aggregation of digital biographies by such companies as ChoicePoint enables "investigations to be carried out on millions of innocent people without any suspicion or oversight by a neutral judge or magistrate." (pp. 54-55)

The assemblage of data about us portrays a "distorted persona, one who is constructed by a variety of external details." (p.55) Our digital biography becomes an "unauthorized biography, only partially true and very reductive." (p.56)

Digital biographies are increasingly being used to make important decisions about us - by employers, marketers, and the government. (p.56)

Our digital biographies can expose us to dangers such as identity theft and stalking. (p.56)

Digital biographies are often inaccurate. Solove cites the errors in the data supplied by ChoicePoint to Florida election officials that prevented many individuals from voting in the November 2000 election. They were wrongfully listed as being felons. (p.56)

Solove has since published a book on this subject, The Digital Person: Technology and Privacy in the Information Age (2004).

"Privacy protects us from being misdefined and judged out of context in a world of short attention spans, a world in which information can easily be confused with knowledge." (p.8)

Similarly, law professor Daniel Solove discusses the role of technology in enabling the aggregation of vast amounts of disparate data about individuals. ("Access and Aggregation: Public Records, Privacy, and the Constitution," August 10, 2001, available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=283924[7], and soon to be published in the Minnesota Law Review, Vol. 86, No. 6, 2002.)

"Computer databases contribute significantly to what I call the "aggregation problem." The aggregation problem stems from the fact that the digital revolution has enabled information to be easily amassed together. We often sprinkle small details about ourselves in a variety of settings as we go about our daily lives. .. But imagine if every person or entity we ever came into contact with during our lives pooled everything that they knew about us. A fact here and a detail there add up." (p.14)

Solove coins the term, "digital biographies," to describe the same phenomenon that Rosen describes as the "dossier society." He outlines several aspects of the digital biography that raise alarm. (pp. 53-56)

Loss of social forgiveness.A particularly troubling consequence of untrammeled access to electronic public records is the loss of "social forgiveness." In a dossier society, there is no social forgiveness. Your conviction of graffiti vandalism at age 19 will still be there at age 29 when you're a solid citizen trying to get a job and raise a family.

There are precedents for restricting the amount of access to various informational histories. One is the rap sheet -- or criminal history -- which in California and many other states is confidential, not public. Juvenile court files are sealed, at least for those youth not tried as adults. On the private sector side is the credit report. Documentation of a bad payment history can only be kept on the books for seven years -- a bankruptcy for 10 years. In these ways, society allows the possibility "starting over."

Growing numbers of disenfranchised individuals. As a consequence of all the factors I've raised here, I predict that our society will see a growing number of individuals who are disenfranchised for life. Large numbers will not be able to find employment because of negative information in court files - whether true or not - from years gone by. Or they will be relegated to lower-paying jobs in the service industries, unable to bring their true abilities into the employment marketplace. We have been contacted by many such individuals in our ten-year history. I believe, sadly, we will be contacted by many more.

Case in point: Wall Street Journal reporter Ann Davis recently reported on the increased use of background checks by American companies in the aftermath of the terrorist attacks of September 11, 2001. She tells the stories of many individuals who have lost their jobs because of relatively minor crimes committed many years ago.

She quotes Lewis Maltby of the National Workrights Institute: "There are millions of people in America who have done something illegal at some point in their lives. It's unfair to deny someone a job or destroy their career because of something they did 10 years ago that wasn't job-related to begin with." (Ann Davis, "Firms Dig Deep into Workers' Pasts Amid Post-September 11 Security Anxiety," Wall Street Journal, March 12, 2002.)

SOLUTIONS

What can be done to mitigate the negative consequences of making public records containing personal information available on the Internet and from other electronic services? Governments are not likely to make the decision to keep such records off the Internet altogether. Indeed, they should not. The public policy reasons for making public records available electronically are irrefutable - promoting easier access to government services as well as opening government practices to the public and fostering accountability.

But there are several approaches government agencies and court systems can take to minimize the harm to individuals when sensitive personal information is to be posted on the Internet while at the same time promoting government accountability. As above, many of the following points pertain to court files.

Limiting what is posted online. Court systems can start by posting only the court indexes, registers, and calendars on the web rather than the full texts of court proceedings. Using a "two-tier" access policy, the full-text of, say, divorce records would still be available at the courthouse. Electronic access would be limited to the case details - names of parties, date of divorce, court information and so on.

In an article in the Journal of the American Academy of Matrimonial Lawyers, family law attorney Laura W. Morgan espouses the concept of "two-tier" access, especially for such court files that contain highly sensitive personal information such as divorce records. Morgan points out that divorce records may contain a significant number of allegations that are untrue and that one party has inserted into the file as a form of "gentle extortion," perhaps to obtain child custody or to be awarded full title to the family home. (Laura W. Morgan, "Strengthening the Lock on the Bedroom Door: The Case Against Access to Divorce Records Online," Journal of the American Academy of Matrimonial Lawyers (17:1, 2002), p. 64.)

Adopting automation systems with redaction features. Court systems can demand that the automation systems they procure are able to support flexible redaction features. Such systems should enable sensitive information to be tagged so that when the files are loaded onto the web site, it is blocked from view. Examples of the kinds of data to be redacted are: Social Security numbers, credit card and bank account numbers, specific investment information, and medical records information. If computer systems are not yet available that support redaction, court systems should wait until they are more widely accessible before posting the full-texts of court documents on the web.

Robust rules of court. Courts must adopt rules that prohibit the most sensitive of court files - including family law cases - from being posted in full on public web sites. The following are useful resources on this topic:

The California Judicial Council has recently adopted rules of court (December 2001) that prescribe what types of records can and cannot be accessed electronically by the public. www.courtinfo.ca.gov/newsreleases/NR91-01.HTM[8]

The Judicial Management Council of Florida released a particularly thoughtful report in November 2001, "Privacy and Electronic Access to Court Records." Its main recommendation is that "[u]ntil policies are developed that appropriately balance privacy with access, and which support the core mission of the courts to do justice, unrestricted electronic access to court records should not be available." (p.2) www.flcourts.org/pubinfo/documents/privacy.pdf[9].

See also the Laura Morgan article on divorce records cited in point 1 above.

The web site of the Electronic Privacy Information Center contains a useful compendium of reports and news articles in the section on "Privacy and Public Records," available at www.epic.org/privacy/publicrecords[10].

The Justice Management Institute and National Center for State Courts have developed guidelines for "Public Access to Court Records" at www.courtaccess.org[11].

Examining the public policy objectives of online records. Government agencies and courts must ask themselves what public policy objectives they are accomplishing by making records available on the Internet, particularly those containing personal information. Would there be a way to limit the amount of personally identifiable information posted on the Net without undermining the public policy purpose of making records accessible on the agency's website?

I suggested in point 1, for example, that courts can choose to post only the case indexes on the Internet rather than the full-texts of files. I have yet to hear a reasonable explanation for the public policy purpose of posting, for example, the full-text files of divorce records online, complete with the gruesome details of failed marriages. Wouldn't the purpose of notifying society that the marriage between the stated parties has ended as of the specified date be sufficient detail to be posted online?

Another example of restricting online access to certain personal information is already in practice regarding property tax assessor files. The San Diego County (California) Assessor decided to not post the names of property holders on its web site. Rather, users must seek property valuation data by searching under the address of the property. The primary use of this file, after all, is to determine the taxable value of property and to check that similar property is taxed at the same rate. Name searches are not possible via the web site, and indeed are not necessary to ensure the policy objective that property is being assessed fairly.

The process of analyzing the public policy purposes of certain government records being public and others not is long overdue. Now that courts and government agencies are grappling with the decision to post their records online is an ideal time to engage in this analysis.

Why are Medicare records confidential? Why are tax documents not available to the public? Why are other types of government records considered public? Which records need to be public in order to promote such policy objectives as government accountability? Which records should not be released to anyone without the individual's consent? For certain types of records, can public access be limited to just the key elements of the records in order for the public policy objective of government accountability to be achieved?

These questions must be answered in order to make rational decisions about posting public records containing personal information on the Internet.

Restrictions on access.Courts and other government agencies can restrict or control access to records in order to protect particularly sensitive personal information. This recommendation is proposed by Seton Hall Law School professor Daniel Solove in "Access and Aggregation: Public Records, Privacy, and the Constitution. (August 10, 2001, available online at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=283924[7], and soon to be published in the Minnesota Law Review, Vol. 86, No. 6, 2002.)

He cites numerous cases and provides an extensive analysis of the applicability of the Constitution to make his arguments, a full discussion of which is beyond the scope of this presentation. In Solove's words:

"There is no federal law establishing a baseline for the regulation of public records. Thus, personal information is regulated by a bewildering assortment of state statutory protections which vary widely from state to state. .. This chaotic state of affairs is troublesome in an Information Age where information so fluidly passes throughout the country and is being made more widely available by the Internet and through private companies. The privacy protection that currently exists for public records is largely designed for a world of paper records and has been slow to adapt to an age where information can be downloaded from the Internet at the click of a mouse." (p.40)

"Do we want to live in a Kafkaesque world where dossiers about individuals circulate in an elaborate underworld of public and private sector bureaucracies without the individual having notice, knowledge, or the ability to monitor or control the ways the information is used? Public records contribute to this privacy problem because they enable the creation of a dossier of personal information about individuals. .. The problem is that, often without the individual's knowledge or consent, the information is then used for a host of different purposes." (p.45)

"It is my thesis that both transparency and privacy can be balanced through limitations on the access and use of personal information in public records. Of course, we must rethink what information belongs in public records. But we must also regulate the uses of our digital biographies. Government is not doing enough to protect against the uses of the information that it routinely pumps into the public domain." (p.57)

Solove goes on to analyze several prominent court cases and to offer arguments as to why government agencies can restrict or control access in order to protect personal privacy:

" . [T]he government retains significant discretion in how it chooses to distribute its largesse. Public record information is part of this largesse, and the most recently decided unconstitutional condition cases suggest that the government can impost certain conditions on how this information is used before it makes it available to the public." (p.76)

"Both transparency and privacy can be balanced by certain limited access and use regulations. By making access conditional on accepting certain responsibilities when using data - such as using it for specific purposes, not disclosing it to others, and so on - certain functions of transparency can be preserved at the same time privacy is protected." (p.78)

Anonymizing and aggregating data. To flesh out the previous point, in certain situations access to court and government agency records can be accomplished by providing them in aggregate form with personal identifying information left out, or by enabling full access under special confidentiality agreements with the court or agency. The result would be to anonymize the information that is ultimately made available to the public via news stories or academic treatises.

Investigative reporters or academic researchers might want to analyze trends in certain types of court cases, for example, divorces. They should have the ability to apply to the court for full access to these files, but should be required to enter into a confidentiality agreement with the court to not publish personal identifying information and not to share that information with others. Other requests for broad-based access might be fulfilled by the court or government agency by providing aggregate data with personally identifying information removed.

Rules of court (see point 3 above) must include provisions enabling access to multiple files for research and investigative purposes, while at the same time protecting the privacy of those individuals named in the records.

The preceding recommendations pertain primarily to court and government agency records. We must also examine those professions that use public records information, namely information brokers and private investigators.

Regulating the information broker industry. The information broker industry must be regulated. At present, information brokers purchase public records from local, state, and federal government agencies and repackage them for sale to subscribers. They add data files from commercial data sources such as credit reports and consumer survey data. Virtually anyone can obtain access to these files, although many information brokers claim they limit access to professions such as private investigators, attorneys, law enforcement, media, debt collectors, landlords, and employment background checkers. However, the effectiveness of such self-regulation is limited at best.

The information broker industry should be regulated much like the credit industry is governed, under the Fair Credit Reporting Act, or FCRA (15 USC 1681). The underlying principles that are codified in the FCRA are known as the "fair information practices," or FIPs. Briefly, such principles include: openness, access to data, correction (data quality), purpose specification, collection limitation, use limitation, security, and accountability. (The Privacy Rights Clearinghouse web site contains a broader discussion of the FIPs, at www.privacyrights.org/ar/fairinfo.htm[13].)

Individuals must be able to find out when information about them is accessed and for what purpose. They must be able to get access to those data compilations in order to determine if they are accurate. And they must be able to take legal action when personal data is obtained and disclosed for illegitimate purposes. With the information broker industry largely unregulated, individuals have little opportunity to know how data about them is used by others, with the limited exception of investigative consumer reports (background checks), discussed in the next point.

Closing loopholes in the background check law. The loopholes in the background check laws at the federal and state levels must be closed. The federal law is the investigative consumer reporting section of the Fair Credit Reporting Act (15 USC 1681d). This law requires employers to obtain consent from the subjects of background checks. If an adverse hiring decision is made, the individual must be given a copy of the report.

At present, the federal law only pertains to employers who hire third party investigators to conduct background checks. It does not apply if the employer conducts the background check itself. An increasing number of employers are doing their own investigations due to the availability of low-cost information broker data bases on the web. The law must be broadened to encompass employers who conduct their own searches. (The California Legislature amended its background check law, effective 2002, to require employers who conduct their own investigations to abide by the same disclosure requirements as third part investigators. See California Civil Code 1786.53.)

The law must also close the "adverse decision" loophole. An employer might claim to have decided to not hire an individual because of a superior job pool, not because of negative information found in the background check. In such cases, the applicant does not need to be given a copy of the report and may never know that erroneous information, for example, may have been the real cause of the rejection. Employees and job applicants must be given the opportunity to obtain copies of their background checks in all instances, not just those where adverse decisions have been made. Of course, there must be an exception for investigations conducted when there is suspicion of criminal wrongdoing. To read more about the problem of background checks and wrongful criminal records, see my 2000 speech presented at the SEARCH conference, available on the PRC web site, www.privacyrights.org/ar/wcr.htm[14].

Requiring more accountability of the private investigator industry. The private investigator profession, a major user of public records information, must be regulated in those states where there are no oversight agencies. Further, existing regulations must be tightened and made uniform nationwide, perhaps by federal law. Private investigators must be held to strong standards regarding their access to and use of sensitive personal information. They should be held accountable when they misuse personal information.

My concluding recommendations are more global in scope.

Teaching and practicing tolerance. This is my "tolerance" recommendation, and is perhaps in the realm of the "impossible dream." Even so, it must be considered by all of us. We must transform how our society judges individuals - not an easy task. As I discussed earlier, we appear to be forgetting the older social value of "societal forgiveness." If we are becoming a dossier society, and I don't see signs suggesting otherwise, we must all strive for greater tolerance when "negative" information is found in personal data compilations. After all, one person's "black mark" is another's life lesson learned the hard way.

How to accomplish such a societal transformation is hard to envision, especially at a time when we are increasingly a "get-even," litigious society. For starters, schools and colleges must teach about tolerance and responsible information-handling practices in business and ethics classes. And employers must be willing to look beyond many of the so-called negative items found in background checks in their hiring decisions. I realize that the latter is especially difficult for companies to do given the likelihood of facing negligent hiring lawsuits if bad decisions are made.

The "go slow" approach. Finally, courts and government agencies must take a "go slow" approach to posting public records on the Internet. For example, as discussed earlier, the full texts of court records should not be posted online until flexible and effective redaction technology is available, and until court systems have adopted rules that support sealing the most sensitive information. Government agencies must examine the public policy objectives they are attempting to accomplish by making records available on the Internet - the prime one being government accountability. If there are ways to limit the amount of personal information provided online without undermining the public policy objectives of providing access, then such approaches should be considered.

I began this presentation by listing several negative consequences to individuals and to society when public records containing personally identifiable information are widely available on the Internet. I strongly believe that unless courts, government agencies and industry groups explore and adopt many of the recommendations presented here, there will be serious harm to many individuals and to society.

That is why the "go slow" approach is the best way to proceed at this time - so that technologies, policies and societal institutions can be allowed to evolve at the appropriate rate to protect privacy while at the same time as promoting the benefits of electronic access.

CONCLUSION

This presentation is a work in progress. I welcome your suggestions on ways to reduce the harmful effects of public records being published on the Internet, while at the same time upholding the public policy purpose of government accountability.

Thank you for your thoughtful consideration of these matters.

Acknowledgements.I am grateful to the following individuals for reviewing this paper and offering suggestions. The final conclusions are my own. These individuals are Joanne McNabb, Chris Hoofnagle, Dian Black, Robert Gellman, Mari Frank, and Carole Doeppers.